RubyGems - active_storage_validations - Versions diffs - 1.3.0 → 1.3.2 - Mend

active_storage_validations 1.3.0 → 1.3.2

Files changed (54) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09b483aef23513aaf10b56c6df6046078bf14e93fcfdebe2e82f2db862b85514'
-  data.tar.gz: d040c36c24fc1fb2b4d1a2e6bb92bde86521cedfda4b4e96436a10b364499f63
+  metadata.gz: 6e1145fabe1ee64e7f7033a38c5b1de1114b364e5e2d9eb010628afde0a3e0b3
+  data.tar.gz: 497b550e5d98bf96e4398969de34022b8e8f828003a620261909a6d39e349aff
 SHA512:
-  metadata.gz: eb6df31c0374b1bfa804281f0effbaa0443ff6a812abd4a46e1ac4293a881e691fd5c61cd4c2622b027085acb3d10c14255f04cac3bab01f13f133d2f26c60af
-  data.tar.gz: b5553a4a7a2f08542c8e6f9dd928b0cc78a09eb846f73346dcdec1b3826bb4a5f04ac200c21e6e2f0f58f6dcc173f226a04e7a2c85d7c15a24b5b827bfb04dcb
+  metadata.gz: b671b5b33834ff904de1dea6dca51bfd741eaf2e10d931896a6fc4ff9ff83fc213f1581d59c562a806640cdc7a10537fa5ddb240051152ff38b5933ea7c7dc33
+  data.tar.gz: 381da6fbfb0fa544357bc492cfc9535992097ed7118846bae62f1b1953e5058f7b1bbc389ebd0dd8543fb035edaba55cee34a8c73a1b4fa84fc2ffc3e8bf9654

data/README.md CHANGED Viewed

@@ -91,9 +91,10 @@ Marcel::MimeType.extend "application/ino", extensions: %w(ino), parents: "text/p
 ```
 **Content type spoofing protection**
 File content type spoofing happens when an ill-intentioned user uploads a file which hides its true content type by faking its extension and its declared content type value. For example, a user may try to upload a `.exe` file (application/x-msdownload content type) dissimulated as a `.jpg` file (image/jpeg content type).
-By default, the gem does not prevent content type spoofing (prevent it by default is a breaking change that will be implemented in v2). The spoofing protection relies on both the linux `file` command and `Marcel` gem.
+By default, the gem does not prevent content type spoofing (prevent it by default is a breaking change that will be implemented in v2). The spoofing protection relies on both the linux `file` command and `Marcel` gem. Be careful, since it needs to load the whole file io to perform the analysis, it will use a lot of RAM for very large files. Therefore it could be a wise decision not to enable it in this case.
 Take note that the `file` analyzer will not find the exactly same content type as the ActiveStorage blob (its content type detection relies on a different logic using content+filename+extension). To handle this issue, we consider a close parent content type to be a match. For example, for an ActiveStorage blob which content type is `video/x-ms-wmv`, the `file` analyzer will probably detect a `video/x-ms-asf` content type, this will be considered as a valid match because these 2 content types are closely related. The correlation mapping is based on `Marcel::TYPE_PARENTS`.
@@ -202,7 +203,6 @@ en:
       aspect_ratio_not_portrait: "must be a portrait image"
       aspect_ratio_not_landscape: "must be a landscape image"
       aspect_ratio_is_not: "must have an aspect ratio of %{aspect_ratio}"
-      aspect_ratio_unknown: "has an unknown aspect ratio"
       image_not_processable: "is not a valid image"
 ```
@@ -221,7 +221,8 @@ aspect_ratio_is_not: "must be a %{aspect_ratio} image"
 ### Content type
 The `content_type_invalid` key has three variables that you can use:
-- `content_type` containing the content type of the sent file
+- `content_type` containing the exact content type of the sent file
+- `human_content_type` containing a more user-friendly version of the sent file content type (e.g. 'TXT' for 'text/plain')
 - `authorized_types` containing the list of authorized content types
 - `filename` containing the current file name
@@ -436,10 +437,11 @@ Then you can use the matchers with the syntax specified in the RSpec section, ju
 To run tests in root folder of gem:
-* `BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test` to run for Rails 6.1.4
+* `BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test` to run for Rails 7.0
 * `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake test` to run for Rails 7.0
-* `BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test` to run for Rails 7.0
-* `BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle exec rake test` to run for Rails main branch
+* `BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test` to run for Rails 7.1
+* `BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle exec rake test` to run for Rails 7.2
+* `BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle exec rake test` to run for Rails 8.0
 Snippet to run in console:
@@ -447,11 +449,13 @@ Snippet to run in console:
 BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle
-BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle
+BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle
+BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test
 BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake test
 BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test
-BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle exec rake test
 ```
 Tips:

data/config/locales/da.yml CHANGED Viewed

@@ -29,5 +29,4 @@ da:
       aspect_ratio_not_portrait: "skal være et portrætbillede"
       aspect_ratio_not_landscape: "skal være et landskabsbillede"
       aspect_ratio_is_not: "skal have et størrelsesforhold på %{aspect_ratio}"
-      aspect_ratio_unknown: "har et ukendt størrelsesforhold"
       image_not_processable: "er ikke et gyldigt billede"

data/config/locales/de.yml CHANGED Viewed

@@ -29,5 +29,4 @@ de:
       aspect_ratio_not_portrait: "muss Hochformat sein"
       aspect_ratio_not_landscape: "muss Querformat sein"
       aspect_ratio_is_not: "muss ein Bildseitenverhältnis von %{aspect_ratio} haben"
-      aspect_ratio_unknown: "hat ein unbekanntes Bildseitenverhältnis"
       image_not_processable: "ist kein gültiges Bild"

data/config/locales/en.yml CHANGED Viewed

@@ -29,5 +29,4 @@ en:
       aspect_ratio_not_portrait: "must be a portrait image"
       aspect_ratio_not_landscape: "must be a landscape image"
       aspect_ratio_is_not: "must have an aspect ratio of %{aspect_ratio}"
-      aspect_ratio_unknown: "has an unknown aspect ratio"
       image_not_processable: "is not a valid image"

data/config/locales/es.yml CHANGED Viewed

@@ -29,5 +29,4 @@ es:
       aspect_ratio_not_portrait: "debe ser una imagen vertical"
       aspect_ratio_not_landscape: "debe ser una imagen apaisada"
       aspect_ratio_is_not: "debe tener una relación de aspecto de %{aspect_ratio}"
-      aspect_ratio_unknown: "tiene una relación de aspecto desconocida"
       image_not_processable: "no es una imagen válida"

data/config/locales/fr.yml CHANGED Viewed

@@ -29,5 +29,4 @@ fr:
       aspect_ratio_not_portrait: "doit être une image en format portrait"
       aspect_ratio_not_landscape: "doit être une image en format paysage"
       aspect_ratio_is_not: "doit avoir un rapport hauteur / largeur de %{aspect_ratio}"
-      aspect_ratio_unknown: "a un rapport d'aspect inconnu"
       image_not_processable: "n'est pas une image valide"

data/config/locales/it.yml CHANGED Viewed

@@ -29,5 +29,4 @@ it:
       aspect_ratio_not_portrait: "l’orientamento dell’immagine deve essere verticale"
       aspect_ratio_not_landscape: "l’orientamento dell’immagine deve essere orizzontale"
       aspect_ratio_is_not: "deve avere un rapporto altezza / larghezza di %{aspect_ratio}"
-      aspect_ratio_unknown: "ha un rapporto altezza / larghezza sconosciuto"
       image_not_processable: "non è un'immagine valida"

data/config/locales/ja.yml CHANGED Viewed

@@ -29,5 +29,4 @@ ja:
       aspect_ratio_not_portrait: "は縦長にしてください"
       aspect_ratio_not_landscape: "は横長にしてください"
       aspect_ratio_is_not: "のアスペクト比は %{aspect_ratio} にしてください"
-      aspect_ratio_unknown: "のアスペクト比を取得できませんでした"
       image_not_processable: "は不正な画像です"

data/config/locales/nl.yml CHANGED Viewed

@@ -29,5 +29,4 @@ nl:
       aspect_ratio_not_portrait: "moet een staande afbeelding zijn"
       aspect_ratio_not_landscape: "moet een liggende afbeelding zijn"
       aspect_ratio_is_not: "moet een beeldverhouding hebben van %{aspect_ratio}"
-      aspect_ratio_unknown: "heeft een onbekende beeldverhouding"
       image_not_processable: "is geen geldige afbeelding"

data/config/locales/pl.yml CHANGED Viewed

@@ -29,5 +29,4 @@ pl:
       aspect_ratio_not_portrait: "musi mieć proporcje portretu"
       aspect_ratio_not_landscape: "musi mieć proporcje pejzażu"
       aspect_ratio_is_not: "musi mieć proporcje %{aspect_ratio}"
-      aspect_ratio_unknown: "ma nieokreślone proporcje"
       image_not_processable: "nie jest prawidłowym obrazem"

data/config/locales/pt-BR.yml CHANGED Viewed

@@ -29,5 +29,4 @@ pt-BR:
       aspect_ratio_not_portrait: "não está no formato retrato"
       aspect_ratio_not_landscape: "não está no formato paisagem"
       aspect_ratio_is_not: "não contém uma proporção de %{aspect_ratio}"
-      aspect_ratio_unknown: "não tem uma proporção definida"
       image_not_processable: "não é uma imagem válida"

data/config/locales/ru.yml CHANGED Viewed

@@ -29,5 +29,4 @@ ru:
       aspect_ratio_not_portrait: "должно быть портретное изображение"
       aspect_ratio_not_landscape: "должно быть пейзажное изображение"
       aspect_ratio_is_not: "должен иметь соотношение сторон %{aspect_ratio}"
-      aspect_ratio_unknown: "имеет неизвестное соотношение сторон"
       image_not_processable: "не является допустимым изображением"

data/config/locales/sv.yml CHANGED Viewed

@@ -29,5 +29,4 @@ sv:
       aspect_ratio_not_portrait: "måste vara en porträttorienterad bild"
       aspect_ratio_not_landscape: "måste vara en landskapsorienterad bild"
       aspect_ratio_is_not: "måste ha en följande aspect ratio  %{aspect_ratio}"
-      aspect_ratio_unknown: "har en okänd aspect ratio"
       image_not_processable: "är inte en giltig bild"

data/config/locales/tr.yml CHANGED Viewed

@@ -29,5 +29,4 @@ tr:
       aspect_ratio_not_portrait: "dikey bir imaj olmalı"
       aspect_ratio_not_landscape: "yatay bir imaj olmalı"
       aspect_ratio_is_not: "%{aspect_ratio} en boy oranına sahip olmalı"
-      aspect_ratio_unknown: "bilinmeyen en boy oranı"
       image_not_processable: "geçerli bir imaj değil"

data/config/locales/uk.yml CHANGED Viewed

@@ -29,5 +29,4 @@ uk:
       aspect_ratio_not_portrait: "мусить бути портретне зображення"
       aspect_ratio_not_landscape: "мусить бути пейзажне зображення"
       aspect_ratio_is_not: "мусить мати співвідношення сторін %{aspect_ratio}"
-      aspect_ratio_unknown: "має невідоме співвідношення сторін"
       image_not_processable: "не є допустимим зображенням"

data/config/locales/vi.yml CHANGED Viewed

@@ -29,5 +29,4 @@ vi:
       aspect_ratio_not_portrait: "phải là ảnh đứng"
       aspect_ratio_not_landscape: "phải là ảnh ngang"
       aspect_ratio_is_not: "phải có tỉ lệ ảnh %{aspect_ratio}"
-      aspect_ratio_unknown: "tỉ lệ ảnh không xác định"
       image_not_processable: "không phải là ảnh"

data/config/locales/zh-CN.yml CHANGED Viewed

@@ -29,5 +29,4 @@ zh-CN:
       aspect_ratio_not_portrait: "必须是竖屏图片"
       aspect_ratio_not_landscape: "必须是横屏图片"
       aspect_ratio_is_not: "纵横比必须是 %{aspect_ratio}"
-      aspect_ratio_unknown: "未知的纵横比"
       image_not_processable: "不是有效的图像"

data/lib/active_storage_validations/aspect_ratio_validator.rb CHANGED Viewed

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/metadatable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/active_storageable'
+require_relative 'shared/attachable'
+require_relative 'shared/errorable'
+require_relative 'shared/optionable'
+require_relative 'shared/symbolizable'
 module ActiveStorageValidations
   class AspectRatioValidator < ActiveModel::EachValidator # :nodoc
     include ActiveStorageable
+    include Attachable
     include Errorable
-    include Metadatable
-    include OptionProcUnfolding
+    include Optionable
     include Symbolizable
     AVAILABLE_CHECKS = %i[with].freeze
@@ -22,7 +23,6 @@ module ActiveStorageValidations
       aspect_ratio_not_portrait
       aspect_ratio_not_landscape
       aspect_ratio_is_not
-      aspect_ratio_unknown
     ].freeze
     PRECISION = 3.freeze
@@ -40,48 +40,63 @@ module ActiveStorageValidations
     private
     def is_valid?(record, attribute, attachable, metadata)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
-      errors_options = initialize_error_options(options, attachable)
-      if metadata[:width].to_i <= 0 || metadata[:height].to_i <= 0
-        errors_options[:aspect_ratio] = flat_options[:with]
+      flat_options = set_flat_options(record)
-        add_error(record, attribute, :image_metadata_missing, **errors_options)
-        return false
-      end
+      return if image_metadata_missing?(record, attribute, attachable, flat_options, metadata)
       case flat_options[:with]
-      when :square
-        return true if metadata[:width] == metadata[:height]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_square, **errors_options)
-      when :portrait
-        return true if metadata[:height] > metadata[:width]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_portrait, **errors_options)
-      when :landscape
-        return true if metadata[:width] > metadata[:height]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_landscape, **errors_options)
-      when ASPECT_RATIO_REGEX
-        flat_options[:with] =~ ASPECT_RATIO_REGEX
-        x = $1.to_i
-        y = $2.to_i
-        return true if x > 0 && y > 0 && (x.to_f / y).round(PRECISION) == (metadata[:width].to_f / metadata[:height]).round(PRECISION)
-        errors_options[:aspect_ratio] = "#{x}:#{y}"
-        add_error(record, attribute, :aspect_ratio_is_not, **errors_options)
-      else
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_unknown, **errors_options)
-        return false
+      when :square then validate_square_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when :portrait then validate_portrait_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when :landscape then validate_landscape_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when ASPECT_RATIO_REGEX then validate_regex_aspect_ratio(record, attribute, attachable, flat_options, metadata)
       end
     end
+    def image_metadata_missing?(record, attribute, attachable, flat_options, metadata)
+      return false if metadata[:width].to_i > 0 && metadata[:height].to_i > 0
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :image_metadata_missing, **errors_options)
+      true
+    end
+    def validate_square_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] == metadata[:height]
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_square, **errors_options)
+    end
+    def validate_portrait_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] < metadata[:height]
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_portrait, **errors_options)
+    end
+    def validate_landscape_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] > metadata[:height]
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_landscape, **errors_options)
+    end
+    def validate_regex_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      flat_options[:with] =~ ASPECT_RATIO_REGEX
+      x = $1.to_i
+      y = $2.to_i
+      return if x > 0 && y > 0 && (x.to_f / y).round(PRECISION) == (metadata[:width].to_f / metadata[:height]).round(PRECISION)
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = "#{x}:#{y}"
+      add_error(record, attribute, :aspect_ratio_is_not, **errors_options)
+    end
     def ensure_at_least_one_validator_option
       unless AVAILABLE_CHECKS.any? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass :with to the validator'

data/lib/active_storage_validations/attached_validator.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/active_storageable'
+require_relative 'shared/errorable'
+require_relative 'shared/symbolizable'
 module ActiveStorageValidations
   class AttachedValidator < ActiveModel::EachValidator # :nodoc:

data/lib/active_storage_validations/base_size_validator.rb CHANGED Viewed

@@ -1,14 +1,15 @@
 # frozen_string_literal: true
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/active_storageable'
+require_relative 'shared/errorable'
+require_relative 'shared/optionable'
+require_relative 'shared/symbolizable'
 module ActiveStorageValidations
   class BaseSizeValidator < ActiveModel::EachValidator # :nodoc:
     include ActiveStorageable
     include Errorable
-    include OptionProcUnfolding
+    include Optionable
     include Symbolizable
     delegate :number_to_human_size, to: ActiveSupport::NumberHelper

data/lib/active_storage_validations/content_type_spoof_detector.rb CHANGED Viewed

@@ -1,18 +1,20 @@
 # frozen_string_literal: true
-require_relative 'concerns/loggable'
+require_relative 'shared/attachable'
+require_relative 'shared/loggable'
 require 'open3'
 module ActiveStorageValidations
   class ContentTypeSpoofDetector
     class FileCommandLineToolNotInstalledError < StandardError; end
+    include Attachable
     include Loggable
-    def initialize(record, attribute, file)
+    def initialize(record, attribute, attachable)
       @record = record
       @attribute = attribute
-      @file = file
+      @attachable = attachable
     end
     def spoofed?
@@ -27,60 +29,22 @@ module ActiveStorageValidations
     private
     def filename
-      @filename ||= @file.blob.present? && @file.blob.filename.to_s
+      @filename ||= attachable_filename(@attachable).to_s
     end
     def supplied_content_type
-      # We remove potential mime type parameters
-      @supplied_content_type ||= @file.blob.present? && @file.blob.content_type.downcase.split(/[;,\s]/, 2).first
+      @supplied_content_type ||= attachable_content_type(@attachable)
     end
     def io
-      @io ||= case @record.public_send(@attribute)
-              when ActiveStorage::Attached::One then get_io_from_one
-              when ActiveStorage::Attached::Many then get_io_from_many
-              end
-    end
-    def get_io_from_one
-      attachable = @record.attachment_changes[@attribute.to_s].attachable
-      case attachable
-      when ActionDispatch::Http::UploadedFile
-        attachable.read
-      when String
-        blob = ActiveStorage::Blob.find_signed!(attachable)
-        blob.download
-      when ActiveStorage::Blob
-        attachable.download
-      when Hash
-        attachable[:io].read
-      end
-    end
-    def get_io_from_many
-      attachables = @record.attachment_changes[@attribute.to_s].attachables
-      if attachables.all? { |attachable| attachable.is_a?(ActionDispatch::Http::UploadedFile) }
-        attachables.find do |uploaded_file|
-          checksum = ActiveStorage::Blob.new.send(:compute_checksum_in_chunks, uploaded_file)
-          checksum == @file.checksum
-        end.read
-      elsif attachables.all? { |attachable| attachable.is_a?(String) }
-        # It's only possible to pass one String as attachable (not an array of String)
-        blob = ActiveStorage::Blob.find_signed!(attachables.first)
-        blob.download
-      elsif attachables.all? { |attachable| attachable.is_a?(ActiveStorage::Blob) }
-        attachables.find { |blob| blob == @file.blob }.download
-      elsif attachables.all? { |attachable| attachable.is_a?(Hash) }
-        # It's only possible to pass one Hash as attachable (not an array of Hash)
-        attachables.first[:io].read
-      end
+      @io ||= attachable_io(@attachable)
     end
+    # Return the content_type found by Open3 analysis.
+    #
+    # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
+    # for analyzing content type solely based on the file io.
     def content_type_from_analyzer
-      # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
-      # for analyzing content type solely based on the file io
       @content_type_from_analyzer ||= open3_mime_type_for_io
     end